
ABBL

Attention: Increased phishing attacks

Over recent weeks the ABBL has been informed of a marked increase in phishing attacks in Luxembourg. These attacks are carried out mainly by telephone, but also by email, and in both cases the attacker attempts to obtain e-banking access details or credit card details from the victim.

Typical attacks

The victim receives a ‘Microsoft support call’ from someone claiming to be an employee of the support service, who puts pressure on the victim by saying that a virus has been detected on the victim’s PC, or that the victim is using a vulnerable version of software. The caller then offers direct assistance through a remote access tool, such as ‘TeamViewer’, so that they can take over the screen. After several minutes, the hacker claims that the issue has been resolved and asks the victim to pay for the service. The victim is invited to make an electronic transfer of €5-10 to a foreign bank account. Once the transfer has been made, the victim’s screen turns black, and the hacker tells the victim that this is normal and that they should wait a few minutes. During this time, the hacker uses the open e-banking session to make fraudulent transfers.

The second version is an ‘urgent’ email saying that your subscription to Netflix, Amazon Prime etc. has been refused and you need to update your payment details. If you do not react, these emails become more and more urgent, saying that the subscription will be terminated if you do not update your details. You are invited to click on ‘update payment details’ and key in your credit card number. Once you have put in all the information, the screen freezes. During this time, the hacker steals your credit card details and attempts to make other payments.

Remember the basics of cybersecurity 

Never give remote access to your device (PC, tablet, phone, ...) unless it is to someone you trust and know

Keep your software updated, including your browser, antivirus and operating system

Be especially vigilant if the ‘bank’ email requests sensitive information from you (e.g. your online bank account password). A legitimate bank will only communicate with you securely through your online bank account

Look at the email closely: check for inconsistencies and anything that doesn’t make sense

“Mouse over” the sender’s address and look carefully at the actual sender: if possible, compare the sender’s email address with previous real messages from your bank

If you need to update payment details, only do this once you are logged into the secure area of a company’s website (check for the https:// at the beginning of the website URL)

Watch out when using a mobile device - it may be harder to spot a phishing attempt from your phone or tablet: you can’t “mouse over” a questionable link, while the smaller screen makes you less likely to spot obvious mistakes